My research centers on the critical intersection of cybersecurity and the Internet of Things (IoT), recognizing the pervasive use of IoT devices in homes, industries, and critical infrastructures, where their security is paramount. Insecure IoT devices can potentially enable large-scale cyberattacks, threatening the integrity of the Internet itself. Considering the IoT-specific security challenges, my research aims to develop novel security mechanisms, protocols, and security assessment frameworks tailored to emerging IoT environments.
Ongoing Research: Securing the EV Charging Ecosystem
The EV charging ecosystem is a cyber-physical infrastructure: a collection of specialized software runs on the underlying EV Charging Stations (EVCS) to provide remote administrative functions (e.g., monitoring and logging) and user functions (e.g., locating an EVCS, managing/scheduling sessions, and payments) through the firmware/software on the EV charging equipment together with the associated Web/Mobile application interfaces. The primary intent of this research is to propose a framework for evaluating the security posture of the EV charging ecosystem against cyber-attacks through systematic analysis of the firmware/software components, detecting vulnerabilities and assessing their severity, exposure, exploitability, and impact. I also aim to leverage the security assessment and the identified vulnerabilities to propose practical and effective software patches that address the security issues and prevent future cyber-attacks. This includes communicating the knowledge (vulnerability/patch) to the affected product vendors and developers prior to publication of results, to ensure effective and timely patch deployment and management.
A Multi-Dimensional Deep Learning Framework for IoT Malware Classification and Family Attribution
In this research, we proposed a next-generation classification approach for effective IoT malware detection and family attribution using static malware analysis techniques and multi-modal deep learning methods. Our approach, which uses features extracted from image- and strings-based representations of the IoT malware binary, outperformed conventional ML/DL approaches in classification accuracy, thereby contributing to better classification and malware family attribution. Additionally, we present a novel approach aimed at combating "concept drift" and the limitations of inter-family IoT malware classification by detecting drifting IoT malware families and understanding their diverse evolutionary trajectories. This work introduces a robust and effective contrastive method that learns and compares semantically meaningful representations of IoT malware binaries and code without the need for expensive target labels.
Development of data-driven methodologies that drive the implementation of a scalable framework for IoT-centric threat detection, forensic analysis, and intelligence reporting
Motivated by these challenges, my Ph.D. research focused on designing and developing data-driven methodologies that leverage passive network measurements and traffic to infer Internet-scale IoT exploitations and uncover their underlying relationships within well-coordinated botnets. My Ph.D. research addressed three main research problems. First, by analyzing darknet traffic along with IoT device information collected from online search engines (e.g., Shodan), I uncovered the nature of IoT-centric unsolicited activities (e.g., Internet scanning) and their characteristics. These findings represent a first attempt to empirically shed light on the large-scale insecurity of the IoT paradigm. Second, I proposed data-driven approaches rooted in data mining and unsupervised learning methods to uncover emerging IoT malware/botnets, manifested as clusters of correlated compromised IoT devices with similar scanning characteristics. Third, I developed a system that provides an infrastructure for enabling threat detection and fingerprinting.
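As an added illustration of the second contribution above (this is example code, not the original research system), the following Python groups darknet scanning sources by the similarity of the destination-port sets they probe, so that sources sharing a scanning fingerprint surface as candidate coordinated campaigns; the flow records, IP addresses and similarity threshold are constructed sample values.

```python
from collections import defaultdict
from itertools import combinations

# Constructed darknet flow records: (source IP, destination port, timestamp).
# Sample values only, not real network-telescope data.
DARKNET_FLOWS = [
    ("198.51.100.10", 23, 1), ("198.51.100.10", 2323, 2), ("198.51.100.10", 7547, 3),
    ("198.51.100.11", 23, 1), ("198.51.100.11", 2323, 4), ("198.51.100.11", 7547, 5),
    ("198.51.100.12", 23, 2), ("198.51.100.12", 7547, 6),
    ("203.0.113.5", 80, 1), ("203.0.113.5", 443, 2), ("203.0.113.5", 8080, 3),
    ("203.0.113.6", 80, 4), ("203.0.113.6", 443, 5), ("203.0.113.6", 8080, 6),
    ("203.0.113.7", 22, 1),
]

def port_fingerprints(flows):
    """Map each scanning source to the set of destination ports it probed."""
    fp = defaultdict(set)
    for src, dport, _ts in flows:
        fp[src].add(dport)
    return dict(fp)

def jaccard(a, b):
    """Set overlap of two port fingerprints (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster_scanners(flows, threshold=0.6):
    """Single-linkage grouping of sources whose fingerprints have pairwise
    Jaccard similarity >= threshold. Returns sorted frozensets of source IPs."""
    fps = port_fingerprints(flows)
    parent = {src: src for src in fps}          # union-find over sources
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for a, b in combinations(fps, 2):
        if jaccard(fps[a], fps[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for src in fps:
        groups[find(src)].add(src)
    return sorted((frozenset(g) for g in groups.values()), key=lambda g: sorted(g))

def coordinated_clusters(flows, threshold=0.6, min_size=2):
    """Clusters with at least min_size sources are candidate botnet campaigns;
    singletons (e.g. a lone SSH prober) are left out as uncorrelated noise."""
    return [c for c in cluster_scanners(flows, threshold) if len(c) >= min_size]

if __name__ == "__main__":
    fps = port_fingerprints(DARKNET_FLOWS)
    for c in coordinated_clusters(DARKNET_FLOWS):
        print(sorted(c), "->", sorted(fps[next(iter(c))]))
```

On the sample flows this yields two clusters: three sources sharing the Telnet/TR-069 fingerprint (23, 2323, 7547) and two sharing the web-port fingerprint (80, 443, 8080), while the single port-22 source stays unclustered.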